使用管理员终端运行以下脚本:
# 要求管理员权限
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
Start-Process powershell "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs
exit
}
# 核心注册表修改
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
Set-ItemProperty -Path $regPath -Name "EnableLUA" -Value 0
Set-ItemProperty -Path $regPath -Name "ConsentPromptBehaviorAdmin" -Value 0
Set-ItemProperty -Path $regPath -Name "PromptOnSecureDesktop" -Value 0
# 组策略对应注册表项(等效gpedit设置)
Set-ItemProperty -Path $regPath -Name "EnableInstallerDetection" -Value 0 # 关闭安装程序检测
Set-ItemProperty -Path $regPath -Name "ValidateAdminCodeSignatures" -Value 0 # 不验证管理员代码签名
Set-ItemProperty -Path $regPath -Name "FilterAdministratorToken" -Value 0 # 不过滤管理员令牌
# 修改安全策略数据库(等效secpol.msc设置)
secedit /configure /cfg "$env:windir\inf\defltbase.inf" /db defltbase.sdb /verbose
# 立即生效技巧(无需重启)
$taskProcess = Get-Process explorer -ErrorAction SilentlyContinue
Stop-Process $taskProcess -Force -ErrorAction SilentlyContinue
# 用户确认
$choice = Read-Host "需要立即重启使设置完全生效?(Y/N)"
if ($choice -eq "Y") { Restart-Computer -Force }